Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.The Act, divided into 31 sections split across eight chapters, criminalizes several types of offenses, including illegal access (hacking), data interference, device misuse, cybersquatting, computer-related offenses such as computer fraud, content-related offenses such as cybersex and spam, and other offenses. The law also reaffirms existing laws against child pornography, an offense under Republic Act No. 9779 (the Anti-Child Pornography Act of 2009), and libel, an offense under Section 355 of the Revised Penal Code of the Philippines, also criminalizing them when committed using a computer system. Finally, the Act provides for a catch-all clause, wherein all offenses currently punishable under the Revised Penal Code are likewise punishable under the Act when committed using a computer, with corresponding stricter penalties than if the crimes were punishable under the Revised Penal Code alone.
The Act has universal jurisdiction: its provisions apply to all Filipino nationals regardless of the place of commission. Jurisdiction also lies when a punishable act is either committed within the Philippines, whether the erring device is wholly or partly situated in the Philippines, or whether damage was done to any natural or juridical person who at the time of commission was within the Philippines. Regional Trial Courts shall have jurisdiction over cases involving violations of the Act. A takedown clause is included in the Act, empowering the Department of Justice to restrict and/or demand the removal of content found to be contrary to the provisions of the Act, without the need for a court order. This provision, originally not included in earlier iterations of the Act as it was being deliberated through Congress, was inserted during Senate deliberations on May 31, 2012. Complementary to the takedown clause is a clause mandating the retention of data on computer servers for six months after the date of transaction, which may be extended for another six months should law enforcement authorities request it.
The Act also mandates the National Bureau of Investigation and the Philippine National Police to organize a cybercrime unit, staffed by special investigators whose responsibility will be to exclusively handle cases pertaining to violations of the Act, under the supervision of the Department of Justice. The unit is empowered to, among others, collect real-time traffic data from Internet service providers with due cause, require the disclosure of computer data within 72 hours after receipt of a court warrant from a service provider, and conduct searches and seizures of computer data and equipment. It also mandates the establishment of special cybercrime courts which will handle cases involving cybercrime offenses (offenses enumerated in Section 4(a) of the Act)